Hello Robert I have seen your question about the requirement of the private key in haproxy and your suggestion that the webserver does not require a private key.
I should correct you there. The webserver does use a private key and the intermediate chain from the key signer too. The same for haproxy. You could append all keys together so you have ---- private key start --- --- private key end --- -- intermediate key start --- -- intermediate key end --- -- your public key (pem) start --- -- your public key (pem) end --- -- any other key you want start --- -- any other key you want end --- You then tell haproxy to use the combined pem file for SSL termination. I hope this helps. Regards Andrew Smalley Loadbalancer.org Ltd. On 28 September 2016 at 16:13, robert johnson <[email protected]> wrote: > Hi Guys, > > I tried searching the mailing list with no luck. Any way, here is my > question: > > Why does haproxy require the private key in the PEM file when terminating > SSL? > > Other web servers only require the cert.... > > thanks, > > rob > > Valued Quality. Delivered. > ------------------------------ > CONFIDENTIALITY NOTICE > This e-mail may contain confidential or privileged information, if you are > not the intended recipient, or the person responsible for delivering the > message to the intended recipient then please notify us by return e-mail > immediately. Should you have received this e-mail in error then you should > not copy this for any purpose nor disclose its contents to any other person. > > Intertek is dedicated to Customer Service and welcomes your feedback. > Please visit http://www.intertek.com/email-feedback/ to send us your > suggestions or comments. We thank you for your time. > > Except where explicitly agreed in writing, all work and services performed > by Intertek is subject to our Standard Terms and Conditions of Business > which can be obtained at our website: http://www.intertek.com/terms/ > Should you have any difficulty obtaining these from the web site, please > contact us immediately and we will send a copy by return. >
